CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-40604

A Server-Side Request Forgery (SSRF) vulnerability in IPS Community Suite before 4.6.2 allows remote authenticated users to request arbitrary URLs or trigger deserialization via phar protocol when generating class names dynamically. In some cases an exploitation is possible by an unauthenticated user.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.005

EPSS Ranking 66.9%

CVSS Severity

CVSS v3 Score 9.1

CVSS v2 Score 6.4

References

Products affected by CVE-2021-40604

Invisioncommunity » Ips Community Suite » Version: 4.5.2

cpe:2.3:a:invisioncommunity:ips_community_suite:4.5.2
Invisioncommunity » Ips Community Suite » Version: 4.5.3

cpe:2.3:a:invisioncommunity:ips_community_suite:4.5.3
Invisioncommunity » Ips Community Suite » Version: 4.5.4

cpe:2.3:a:invisioncommunity:ips_community_suite:4.5.4
Invisioncommunity » Ips Community Suite » Version: 4.5.4.2

cpe:2.3:a:invisioncommunity:ips_community_suite:4.5.4.2

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-40604

Products

Pricing

Contact Us